Security.

Disclosure Channel

Send vulnerability reports to security@seifertdynamics.com.

PGP key available on request. Encrypted submissions are encouraged for high-severity reports. Use the email subject line [SECURITY] so the message is triaged immediately.

Response SLA

Acknowledgment within one business day. Triage and severity assessment within five business days. Status updates at least weekly until resolution.

We support coordinated disclosure timelines. By default, we publish a brief security note (with researcher credit, unless you ask otherwise) when the fix is deployed.

Scope

In scope: production systems we operate — seifertdynamics.com, atlas.seifertdynamics.com, argus.seifertdynamics.com — and the Atlas / Argus platform binaries we distribute.

Out of scope: third-party services we link to, social-engineering tests against personnel, physical attacks, denial-of-service load testing, and findings that require physical access to staff devices. Customer deployments are addressed under their deployment-specific terms.

Safe Harbor

We will not pursue legal action against researchers who report vulnerabilities in good faith and within the scope above.

To stay within safe harbor: do not access, modify, or exfiltrate data beyond what is strictly required to demonstrate the issue. Do not pivot into other systems. Stop once you can reproduce the finding.

Recognition

We do not currently run a paid bounty program. We do credit researchers in our security notes and we keep a private hall of fame; reach out if you'd like to be listed.